RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
RPCScan v2.03 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at risk Microsoft systems in a passive manner. This tool is non-abrasive in nature and may be run in production environments during production hours.
The Distributed Component Objects Model (DCOM) protocol and Remote Procedure Call (RPC) service are installed by default with many Microsoft Windows operating systems. DCOM allows application components to be distributed across multiple servers.
Three vulnerabilities have been identified in the RPCSS service which handles RCP messages for DCOM object activation requests that are sent from one machine to another. Two of these vulnerabilities can result in remote, unauthorized, arbitrary code execution. The third can result in a local denial-of-service condition. These vulnerabilities result from inadequate message handling, and affect the DCOM interface within the RPCSS service.